Intelligent Configuration Discovery Techniques

1. A system, comprising: one or more computing devices of a network-accessible configuration discovery service; wherein the one or more computing devices are configured to: receive, from a first data source, a first data set pertaining to configuration items associated with a particular client, generate, based at least in part on analysis of the first data set, a service-side identifier for a particular configuration item associated with the particular client, wherein the first data set includes a first data-source-side identifier of the first configuration item, and wherein the first data set includes a first collection of one or more attributes of the particular configuration item; receive, from a second data source, a second data set pertaining to configuration items associated with the particular client; determine that the second data set includes a second collection of one or more attributes of the particular configuration item, and wherein the second data set does not include the first data-source-side identifier; update, based at least in part on a first trust score associated with the first data source, and based at least in part on a second trust score associated with the second data source, a coalesced configuration record corresponding to the particular configuration item, wherein the coalesced configuration record comprises a plurality of attributes of the particular configuration item; in response to a query received via a programmatic interface, transmit a representation of at least a portion of the coalesced configuration record.

2. The system as recited in claim 1 , wherein the one or more computing devices are configured to: receive, via a bulk import programmatic interface, the first data set; and receive, via an event-level programmatic interface, the second data set.

3. The system as recited in claim 1 , wherein the one or more computing devices are configured to: receive, via a programmatic interface, an indication of a first item group descriptor, wherein the first item group descriptor indicates one or more of: (a) an expected interconnection topology of a plurality of configuration items associated with an application, (b) an expected item name list associated with the application or (c) an expected pattern of communication between a pair of configuration items associated with the application; and designate, based at least in part on one or more attributes of the particular configuration item, and based at least in part on the first item group descriptor, the particular configuration item as a member of a particular item group with a particular item group tag; and store an indication that the particular item group tag is assigned to the first coalesced configuration record.

4. The system as recited in claim 1 , wherein the one or more computing devices are configured to: determine, based at least in part on an analysis of a third data set, that one or more network packets have been received at a receiving endpoint from a sending endpoint via an obfuscating intermediary, wherein the receiving endpoint is represented by a second configuration item at the configuration discovery service, and wherein an identity of a representative configuration item for the sending endpoint has not been determined at the configuration discovery service; and initiate an execution of an endpoint detection algorithm with respect to the sending endpoint; and update a second coalesced configuration record based at least in part on a result of the endpoint detection algorithm.

5. The system as recited in claim 1 , wherein the one or more computing devices are configured to: assign respective relevance scores to individual ones of a plurality of configuration items, including the particular configuration item; and generate a response to a second query based at least in part on a relevance score assigned to the particular configuration item.

6. A method, comprising: performing, by one or more computing devices of a network-accessible configuration discovery service; generating, based at least in part on analysis of a first data set produced by a first configuration data source, a service-side identifier for a particular configuration item associated with a particular client, wherein the first data set includes a first collection of one or more attributes of the particular configuration item; determining that a second data set includes a second collection of one or more attributes of the particular configuration item, wherein the second data set does not include the service-side identifier; updating, based at least in part on a first trust score associated with the first configuration data source, a first coalesced configuration record corresponding to the particular configuration item; and in response to a query received via a programmatic interface, transmitting a representation of at least a portion of the first coalesced configuration record.

7. The method as recited in claim 6 , further comprising performing, by the one or more computing devices: receiving, via a bulk import programmatic interface of the network-accessible configuration discovery service, the first data set exported from a configuration management database of the client; and receiving, via an event-level programmatic interface of the network-accessible configuration discovery service, the second data set.

8. The method as recited in claim 6 , further comprising performing, by the one or more computing devices: generating, based at least in part on an examination of a third collection of one or more attributes included in a third data set, a second service-side identifier designated for a second configuration item; storing a second coalesced configuration record associated with the second configuration item; determining, after storing the second coalesced configuration record, that the third collection of one or more attributes are associated with the particular configuration item for which the first coalesced configuration record was updated; modifying the first coalesced configuration record based at least in part on contents of the second coalesced configuration record; and removing the second coalesced configuration record.

9. The method as recited in claim 8 , wherein said determining that the third collection of one or more attributes are associated with the particular configuration item comprises one or more of: (a) receiving a correction request via a programmatic interface or (b) performing a resource usage correlation analysis.

10. The method as recited in claim 6 , further comprising performing, by the one or more computing devices: receiving, via a programmatic interface, an indication of a first item group descriptor, wherein the first item group descriptor indicates one or more of: (a) an expected interconnection topology of a plurality of configuration items associated with an application, (b) an expected item name list associated with the application, (c) an expected pattern of communication between a pair of configuration items associated with the application; and designating, based at least in part on one or more attributes of the particular configuration item, and based at least in part on the first item group descriptor, the particular configuration item as a member of a particular item group with a particular item group tag; and storing an indication that the particular item group tag is assigned to the first coalesced configuration record.

11. The method as recited in claim 6 , further comprising performing, by the one or more computing devices: determining, based at least in part on an analysis of a third data set, that one or more network packets have been received at a receiving endpoint from a sending endpoint via an obfuscating intermediary, wherein the receiving endpoint is represented by a second configuration item at the configuration discovery service, and wherein an identity of a representative configuration item for the sending endpoint has not been determined at the configuration discovery service; and initiating an execution of an endpoint detection algorithm with respect to the sending endpoint; and updating a second coalesced configuration record based at least in part on a result of the endpoint detection algorithm.

12. The method as recited in claim 11 , wherein the endpoint detection algorithm comprises one or more of (a) issuing a sequence of connection establishment and connection termination requests, (b) matching delays between receptions of successive network packets to delays between transmissions of successive network packets, or (c) analyzing packet sequence numbers.

13. The method as recited in claim 6 , further comprising performing, by the one or more computing devices: assigning respective relevance scores to individual ones of a plurality of configuration items, including the particular configuration item; and generating, based at least in part on a relevance score assigned to a second configuration item, a response to a second query.

14. The method as recited in claim 13 , further comprising performing, by the one or more computing devices: determining a relevance score of the second configuration item based at least in part on one or more of: (a) a repetition frequency associated with the second configuration item, (b) resource usage associated with the second configuration item, or (c) a query history associated with the second configuration item.

15. The method as recited in claim 6 , further comprising performing, by the one or more computing devices: storing a plurality of coalesced configuration records associated with a particular application at a first data store, wherein the first data store has a first average record retrieval latency, and wherein individual ones of the plurality of coalesced configuration records have associated timestamps; loading, in reverse chronological order with respect to the associated timestamps, at least a subset of the plurality of coalesced configuration records from the first data store to a second data store, wherein the second data store has a second average record retrieval latency which is smaller than the first average record retrieval latency; and providing, using the second data store, a response to a temporal query directed to the particular application.

16. A non-transitory computer-accessible storage medium storing program instructions that when executed on one or more processors: generate, based at least in part on analysis of a first data set provided by a first configuration data source, a service-side identifier for a particular configuration item associated with a particular client, wherein the first data set includes a first collection of one or more attributes of the particular configuration item, and wherein the first data set does not include the service-side identifier; determine that a second data set includes a second collection of one or more attributes of the particular configuration item, wherein the second data set does not include the service-side identifier; update, based at least in part on a first trust score associated with the first configuration data source, a first coalesced configuration record corresponding to the particular configuration item; and in response to a query received via a programmatic interface, transmit a representation of at least a portion of the first coalesced configuration record.

17. The non-transitory computer-accessible storage medium as recited in claim 16 , wherein the instructions when executed on the one or more processors: determine contents of a first item group descriptor, wherein the first item group descriptor indicates one or more of: (a) an expected interconnection topology of a plurality of configuration items associated with an application, (b) an expected item name list associated with the application, (c) an expected pattern of communication between a pair of configuration items associated with the application; and designate, based at least in part on one or more attributes of the particular configuration item, and based at least in part on the first item group descriptor, the particular configuration item as a member of a particular item group with a particular item group tag; and store an indication that the particular item group tag is assigned to the first coalesced configuration record.

18. The non-transitory computer-accessible storage medium as recited in claim 16 , wherein the instructions when executed on the one or more processors: determine, based at least in part on an analysis of a third data set, that one or more network packets have been received at a receiving endpoint from a sending endpoint via an obfuscating intermediary, wherein the receiving endpoint is represented by a second configuration item at a discovery service, and wherein an identity of a representative configuration item for the sending endpoint has not been determined at the discovery service; and initiate an execution of an endpoint detection algorithm with respect to the sending endpoint; and update a second coalesced configuration record based at least in part on a result of the endpoint detection algorithm.

19. The non-transitory computer-accessible storage medium as recited in claim 16 , wherein the instructions when executed on the one or more processors: assign respective relevance scores to individual ones of a plurality of configuration items, including the particular configuration item; and generate, based at least in part on a relevance score assigned to the particular configuration item, a response to a second query.

20. The non-transitory computer-accessible storage medium as recited in claim 16 , wherein the first configuration data source is instantiated at a data center of a first provider network operator, and wherein the instructions when executed on the one or more processors: establish network connectivity to a plurality of data sources including the first configuration data source, a second configuration data source and a third configuration data source to obtain configuration data pertaining to one or more applications of the particular client, wherein the second configuration data source is instantiated at a data center of a second provider network operator, and wherein the third configuration data source is instantiated at a data center which is not part of a provider network.